Turbonomic Deployment on AWS Elastic Kubernetes Service (EKS)

By Anand Awasthi posted Mon December 12, 2022 05:36 AM

  

Authors: Anand Awasthi, Vijaya Bhaskar R Siddareddi


IBM Turbonomic is an Application Resource Management solution that ensures continuous application performance while optimizing cost and assuring compliance across on-prem and public cloud environments.

The Turbonomic platform can be deployed on a virtual machine (as a VMware OVA image or a Microsoft Hyper-V image), on any x86 Linux-based Kubernetes cluster, or on the Red Hat OpenShift platform.

In this blog, we explain how to deploy Turbonomic on an EKS cluster on AWS, secure it using a certificate issued by AWS-ACM, terminate Transport Layer Security (TLS) at the Network Load Balancer (NLB), and access the Turbonomic Console through a custom domain registered / defined in Route 53.

Prerequisites

  • EKS Cluster with at least three worker nodes
  • Each worker node with a minimum configuration of 4 vCPU and 16 GB RAM
  • Block or File storage class configured on the cluster

Turbonomic on AWS EKS – Deployment Architecture

This architecture diagram depicts our deployment architecture for Turbonomic on EKS cluster.

Deployment Steps

At a broad level, we follow the steps below to deploy Turbonomic on an AWS EKS cluster:

Step 1: Deploy Elastic Block Storage (EBS) CSI Driver

Step 2: Reserve a Domain name

Step 3: Request the Transport Layer Security (TLS) certificate

Step 4: Deploy Turbonomic

Step 5: Configure Network Load Balancer (NLB)

Step 6: Create routing entry in hosted zone

Step 7: Access Turbonomic Console from browser

Step 1: Deploy EBS CSI Driver

When an EKS cluster is deployed, a default storage class named ‘gp2’, backed by EBS, is pre-configured. Turbonomic supports both block and file storage for its data persistence requirements. Here we use this pre-configured storage class.

Configure an IAM policy with appropriate permissions to allow worker nodes to create and modify Amazon EBS volumes. After that, deploy the EBS CSI driver by following the steps in this AWS blog:

https://aws.amazon.com/premiumsupport/knowledge-center/eks-persistent-storage/ 

Under the ‘Resources’ tab in the AWS EKS dashboard, you can see the installed EBS CSI driver.



Step 2: Reserve the Domain name

If you do not already have a custom domain, reserve one through the AWS Route53 service (or any other domain registrar). For example, if I want my Turbonomic URL to be ‘turbo.ibmgsilab.com’, I can register the domain ‘ibmgsilab.com’.

You can follow the steps at the link below to register your domain with the Route53 service:

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-register.html

Step 3: Request the TLS certificate 

Now request a public certificate that will be enforced at the NLB. You can request a certificate for a fully qualified domain name or a wildcard certificate. In this example, we request a wildcard certificate for our domain ‘ibmgsilab.com’.

You can follow the steps given at the link below to create a TLS certificate using the AWS-ACM service:

https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html

Step 4: Deploy Turbonomic

Turbonomic provides an operator-based installation for easy deployment and lifecycle management of the Turbonomic platform. The detailed steps can be found at the GitHub location below:

https://github.com/turbonomic/t8c-install/wiki

In our case, we will follow the steps for multi-node deployment.

Step 4.1: Create a namespace

Create a new namespace. As an example, we created the ‘turbonomic’ namespace, where the Turbonomic software will be deployed.

kubectl create ns turbonomic

Step 4.2: Create the Custom Resource Definition (CRD)

Create the custom resource definition to allow the Turbonomic Operator to deploy all the necessary resources.

For Kubernetes version 1.22 and higher, run the command below.

kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/config/crd/bases/charts.helm.k8s.io_xls.yaml

If your cluster is on an earlier version of Kubernetes, run the command below to create the CRD:

kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/crds/charts_v1alpha1_xl_crd.yaml

Step 4.3: Deploy Turbonomic Operator

In this step we create credentials and also a custom resource definition to deploy the operator. These resources are namespaced and you only need to be the admin of your namespace / project.

We will enable Turbonomic to manage this EKS cluster also, which needs deployment of KubeTurbo on this cluster. This requires us to create ClusterRole and ClusterRoleBinding resources.

  • Create the operator service account.
    kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/service_account.yaml -n turbonomic
  • Create the cluster role.
    kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/cluster_role.yaml -n turbonomic
  • Create the cluster role binding.
    kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/cluster_role_binding.yaml -n turbonomic

Now launch the Turbonomic Operator pod.

kubectl create -f https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/operator.yaml -n turbonomic

Wait for the operator to become available (status = running with ready column indicating 1/1).

Check the status using: kubectl get pods -n turbonomic

Step 4.4: Create Turbonomic Instance through Custom Resource (CR)

In this step we deploy Turbonomic by using a Custom Resource in which we specify a few deployment configurations. Turbonomic provides a base deployment configuration file, which can be modified to suit our requirements. The CR resource is namespaced, and you only need to be the admin of your namespace / project to create an instance of the Turbonomic platform.

Download the CR sample deployment configuration from the link given below:

https://raw.githubusercontent.com/turbonomic/t8c-install/master/operator/deploy/crds/charts_v1alpha1_xl_cr.yaml

Make the modifications required for your environment. You can enable the appropriate probes for your environments. Two configuration changes are important here, to provision an NLB with TLS termination at the load balancer.

First, get the ARN of the public certificate that you created using AWS ACM.

In the downloaded CR YAML file, add the following annotations under spec --> global --> ingress --> annotations:

global:
  ingress:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:005990573564:certificate/b3768036-924c-402b-847d-879dbb3b6f0d
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
      service.beta.kubernetes.io/aws-load-balancer-type: nlb

Replace the certificate ARN with the ARN of the certificate you created.

Also disable httpsRedirect and set nginxIsPrimaryIngress to true under spec --> nginx.

Now create the Turbonomic instance using this updated CR YAML file:

kubectl apply -f {path_to_modified_CR_file.yaml} -n turbonomic

Wait a few minutes for all the pods to reach the ready state. You can check the status of the created NLB.

kubectl get svc -n turbonomic | grep nginx

It may take a couple of minutes for the NLB to reach the ‘Active’ state.


Step 5: Configure NLB

Since TLS termination happens at the NLB, we need to change the default backend to the non-TLS port on nginx.

Select the listener ‘TLS:443’ and click ‘Edit Listener’ in the ‘Actions’ drop-down.

Change the default forward rule to the non-TLS port and save the changes.


If you wish, you can delete the insecure listener ‘TCP:80’ of NLB. 
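An added example, not part of the original post or the Turbonomic project: a Python check that takes the nginx Service as JSON (as produced by `kubectl get svc nginx -n turbonomic -o json`; the Service name `nginx` is assumed from the grep in Step 4.4) and reports annotation values that differ from the ones set in Step 4.4, plus any listener port that `ssl-ports` does not cover, such as TCP:80. The sample object, account ID and certificate ID are constructed placeholders.

```python
import json
import re

PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"
ACM_ARN = re.compile(r"^arn:aws[a-z-]*:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}$")

def audit_nlb_service(svc):
    """Return findings for a Service object parsed from `kubectl get svc -o json`."""
    ann = svc.get("metadata", {}).get("annotations") or {}
    def val(key):
        return ann.get(PREFIX + key, "").strip()
    findings = []
    if val("type") != "nlb":
        findings.append("load balancer type is not 'nlb'")
    if not ACM_ARN.match(val("ssl-cert")):
        findings.append("ssl-cert is missing or is not an ACM certificate ARN")
    if val("backend-protocol") != "http":
        findings.append("backend-protocol is not 'http' (TLS is meant to end at the NLB)")
    # An empty or '*' ssl-ports value applies the certificate to every listener.
    tls_ports = {p.strip() for p in val("ssl-ports").split(",") if p.strip()}
    all_tls = not tls_ports or "*" in tls_ports
    scheme = val("scheme") or "unset"
    for port in svc.get("spec", {}).get("ports", []):
        ids = {str(port.get("port")), port.get("name")}  # ssl-ports accepts number or name
        if not all_tls and not (ids & tls_ports):
            findings.append(f"port {port.get('port')} is a plaintext listener (scheme: {scheme})")
    return findings

# Constructed sample: placeholder account ID and certificate ID, not real values.
SAMPLE = json.loads("""{
  "metadata": {"name": "nginx", "namespace": "turbonomic", "annotations": {
    "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "http",
    "service.beta.kubernetes.io/aws-load-balancer-scheme": "internet-facing",
    "service.beta.kubernetes.io/aws-load-balancer-ssl-cert":
      "arn:aws:acm:us-east-2:111122223333:certificate/00000000-0000-0000-0000-000000000000",
    "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443",
    "service.beta.kubernetes.io/aws-load-balancer-type": "nlb"
  }},
  "spec": {"type": "LoadBalancer", "ports": [
    {"name": "http", "port": 80},
    {"name": "https", "port": 443}]}
}""")

if __name__ == "__main__":
    for finding in audit_nlb_service(SAMPLE):
        print("FINDING:", finding)
```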

Step 6: Create routing entry in hosted zone

Go to the hosted zone for your domain and create an A-record.



Configure the A-record to route traffic to the NLB with an appropriate routing policy.

After you complete this step, you will see an A-record created in your hosted zone.

Step 7: Access Turbonomic Console from browser

Now you can access your Turbonomic instance through the web console. You can verify the enforced TLS certificate.

Set the appropriate password for the ‘administrator’ user and import a valid Turbonomic license. This completes the setup of Turbonomic on the EKS cluster. You can then proceed with configuration of target environments in Turbonomic and benefit from the automation of continuous application performance.

Troubleshooting

If you encounter an HTTPS redirection error while accessing the Turbonomic URL, inject the following environment variable into the nginx deployment:

DISABLE_HTTPS_REDIRECT: true

kubectl edit deployment nginx -n turbonomic

